display attack-defense policy ipv6

Use display attack-defense policy ipv6 to display information about IPv6 addresses protected by flood attack detection and prevention.

Syntax

In standalone mode:

display attack-defense policy policy-name { ack-flood | dns-flood | fin-flood | flood | http-flood | icmpv6-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ slot slot-number ] [ count ]

In IRF mode:

display attack-defense policy policy-name { ack-flood | dns-flood | fin-flood | flood | http-flood | icmpv6-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ chassis chassis-number slot slot-number ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

policy-name: Specifies an attack defense policy by its name. The policy name is a case-insensitive string of 1 to 31 characters. Valid characters include uppercase and lowercase letters, digits, underscores (_), and hyphens (-).

ack-flood: Specifies ACK flood attack.

dns-flood: Specifies DNS flood attack.

fin-flood: Specifies FIN flood attack.

flood: Specifies all IPv6 flood attacks.

http-flood: Specifies HTTP flood attack.

icmpv6-flood: Specifies ICMPv6 flood attack.

rst-flood: Specifies RST flood attack.

syn-ack-flood: Specifies SYN-ACK flood attack.

syn-flood: Specifies SYN flood attack.

udp-flood: Specifies UDP flood attack.

ipv6-address: Specifies a protected IPv6 address. If you do not specify an IPv6 address, this command displays information about all protected IPv6 addresses.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the IPv6 address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Do not specify this option if the IPv6 address is on the public network.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information about IPv6 addresses protected by flood attack detection and prevention for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information about IPv6 addresses protected by flood attack detection and prevention for all cards. (In IRF mode.)

count: Displays the number of matching IPv6 addresses protected by flood attack detection and prevention.

Examples

# (In standalone mode.) Display information about all IPv6 addresses protected by flood attack detection and prevention in attack defense policy abc.

<Sysname> display attack-defense policy abc flood ipv6
Slot 1:
IPv6 address    VPN instance     Type          Rate threshold(PPS) Dropped
2013::127f      --               SYN-ACK-FLOOD 100                 4294967295
2::5            --               ACK-FLOOD     100                 10
1::5            --               ACK-FLOOD     100                 23 
Slot 2:
IPv6 address    VPN instance     Type          Rate threshold(PPS) Dropped

# (In standalone mode.) Display the number of IPv6 addresses protected by flood attack detection and prevention in attack defense policy abc.

<Sysname> display attack-defense policy abc flood ipv6 count
Slot 1:
Totally 3 flood protected IP addresses.
Slot 2:
Totally 0 flood protected IP addresses.

Table 74: Command output

| Field | Description |
|---|---|
| Totally 3 flood protected IP addresses | Total number of the IPv6 addresses protected by flood attack detection and prevention. |
| IPv6 address | Protected IPv6 address. |
| VPN instance | MPLS L3VPN instance to which the protected IPv6 address belongs. If the protected IPv6 address is on the public network, this field displays hyphens (--). |
| Type | Type of the flood attack. |
| Rate threshold(PPS) | Threshold for triggering the flood attack prevention, in units of packets sent to the IPv6 address per second. If no rate threshold is set, this field displays a hyphen (-). |
| Dropped | Number of dropped attack packets. If the prevention action is logging, this field displays 0. |
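
Added example (not part of the vendor documentation): a Python parser for the table this command prints, run over the sample output from this page, that turns each row into a record and flags rows worth an operator's attention. It assumes the column layout shown in the example and treats a Dropped value of 4294967295 (2^32-1) as a possibly saturated 32-bit counter, which the page does not state; the names Entry, parse and review are illustrative.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Sample output taken from the standalone-mode example on this page.
SAMPLE = """\
Slot 1:
IPv6 address    VPN instance     Type          Rate threshold(PPS) Dropped
2013::127f      --               SYN-ACK-FLOOD 100                 4294967295
2::5            --               ACK-FLOOD     100                 10
1::5            --               ACK-FLOOD     100                 23
Slot 2:
IPv6 address    VPN instance     Type          Rate threshold(PPS) Dropped
"""

U32_MAX = 2**32 - 1  # assumption: Dropped is a 32-bit counter (not stated on the page)
SLOT = re.compile(r"^Slot\s+(\d+):\s*$")
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+|-)\s+(\d+)\s*$")

@dataclass
class Entry:
    slot: Optional[str]
    address: str
    vpn: Optional[str]        # None when the field shows "--" (public network)
    attack_type: str
    threshold: Optional[int]  # None when the field shows "-" (no threshold set)
    dropped: int              # 0 is also shown when the action is logging only

def parse(text: str) -> list:  # header and blank lines are skipped
    entries, slot = [], None
    for line in text.splitlines():
        if (m := SLOT.match(line)):
            slot = m.group(1)
        elif (m := ROW.match(line)):
            addr, vpn, typ, thr, dropped = m.groups()
            ipaddress.IPv6Address(addr)  # raises ValueError on a malformed address
            entries.append(Entry(slot, addr, None if vpn == "--" else vpn, typ,
                                 None if thr == "-" else int(thr), int(dropped)))
    return entries

def review(entries: list) -> list:  # (address, note) pairs for rows to look at
    notes = []
    for e in entries:
        if e.dropped >= U32_MAX:
            notes.append((e.address, "Dropped at 2^32-1, counter may be saturated"))
        elif e.dropped > 0:
            notes.append((e.address, f"{e.dropped} {e.attack_type} packets dropped"))
    return notes
```

Because Dropped also reads 0 when the prevention action is logging, a row that `review` does not flag is not evidence that no flood occurred.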